Method for securing data in a telecommunications system

ABSTRACT

A subscriber network is operated bidirectionally and has one or more coaxial line tree networks which are shared in each case by a plurality of subscriber-end network termination units and extend between such subscriber-end network termination units and a higher level connection unit. The coaxial line tree network or networks can be connected in each case, via a converter device, to an optical waveguide, preferably of an optical waveguide tree network containing optical splitters, and can be connected via said optical waveguide or waveguides to the associated connection unit. For the purpose of securing data, a public key is determined in each case from a secret key prescribed in the subscriber-end network termination unit. The public key is upwardly transferred to the connection unit where it is used to encrypt (secondary key) information in order to match the subscriber-end network termination unit to repeatedly changed transmission modalities provided individually for this subscriber-end network termination unit in the connection unit.

BACKGROUND OF THE INVENTION

Relatively recent developments in telecommunications technology are giving rise, at the level of subscriber lines, to passive optical telecommunications systems in which in each case a plurality of decentralized devices (subscriber stations or so-called distant units combining in each case a plurality of subscriber stations) is connected in each case via a separate optical waveguide subscriber line to an optical splitter which is connected directly or via at least one further optical splitter to a common optical waveguide connection of a central device--realized in particular by means of a switching center--via an optical waveguide bus (EP-A-0 171 080; ISSLS '88, Conf. Papers 9.4.1 . . . 5; BR Telecom Technol. J. 17(1989)2, 100 . . . 113).

In such a passive optical telecommunications network, the transmission of signals from the central device "downstream" to the decentralized devices can proceed in a TDM cell stream from which each decentralized device only receives the cells intended for this particular decentralized device, and the transmission of signals from the decentralized devices "upstream" to the central device can proceed using a TDMA method, according to which a decentralized device emits each burst synchronized with the aid of a delay device which is set in a device-specific way from the central device (EP-A-0 460 398). The downstream transmission of signals from the central device to the decentralized devices and the upstream transmission of signals from the decentralized devices to the central device can also proceed in this context in one and the same wavelength window (for example using equal band mode at 1.3 μm).

The introduction of new broadband communication services depends quite generally on the type and scope of the already existing telecommunications infrastructures with the telecommunications services made available in them and on the demand for broadband telecommunications possibilities. In this context, potentially the greatest connection volume is considered to be in private households; however, this connection potential cannot be translated into effective demand for connections without the cost of a broadband subscriber connection being appropriately low.

Various connection possibilities are currently being discussed in order to permit a subscriber to use broadband ISDN services (examples of this are interactive video on demand (VoD), teleshopping, information searching, and also narrowband services such as (N-)ISDN or conventional telephone services (POTS)). Solutions in which already existing infrastructure can be used are particularly attractive. For example the coaxial cable networks of CATV providers constitute an appropriate medium: the frequency range of for example 50-450 MHz (in Germany) is used by conventional analog signal television channels; the range below and above the analog signal television distribution has hitherto been free and can be used for new services. In the USA part of the range which has been free hitherto is used for so-called cablephone by a number of cable TV companies. Other operators are considering a more comprehensive system which provides a large part of the abovementioned services within the scope of an access network, for example on an ATM basis, it being usually possible, because of the limited range, to connect a fiber optic feeder upstream of the coaxial subnetworks (TELEPHONY, 01.11.93, 48 . . . 53). In addition to a passive optical network (PON) with expansion by means of a coaxial line tree network for unidirectional distributive communication (TV), a further passive optical network (PON) has already been used for bidirectional interactive switched telecommunications (Der Fernmeldeingenieur [The Telecommunications Engineer] 46(1992)10, FIG. 11.2 System OPAL 4). In a particularly advantageous configuration of a subscriber network, the coaxial line tree networks are connected, in each case by a converter device, to an optical waveguide tree network, containing optical splitters, for both bidirectional telecommunications services, preferably in transposed band mode, and unidirectional distributive communications services (DE-P 44 06 509.4); this permits a large number of subscribers to be provided very economically both with distributive communications services and with interactive switched telecommunications services. In this context, the optical waveguide tree network may be a passive optical network or an active optical network provided with amplifiers; independently of the above, and of one another, the individual coaxial line tree networks may be amplifier-free passive coaxial line tree networks or active ones provided with amplifiers. This flexibility permits even networks with entirely different ranges to be realized.

In optical double star networks which are formed with passive fiber optic couplers and in which each decentralized telecommunications device receives the downstream information emitted by the central telecommunications device and extracts from the said information only the information intended for it in order to pass it on to the connected subscriber or subscribers, it is possible in principle to access information which is intended for other subscribers which are connected to other decentralized telecommunications devices. Effective safeguarding of a passive optical telecommunications system against unauthorized access to the digital signals transmitted therein is provided by a method (known from DE-C1-42 04 461) for securing data in a telecommunications system with a central telecommunications device and a plurality of decentralized telecommunications devices which are each connected via a separate optical waveguide subscriber line to an optical splitter which is connected directly or via at least one further optical splitter to a common optical waveguide connection of the central telecommunications device via an optical waveguide bus, the transmission of signals from the central telecommunications device to the decentralized devices proceeding in a multiplex frame or in an ATM cell stream, and the transmission of signals from the decentralized telecommunications devices to the central device proceeding in each case in a time slot, assigned to the respective decentralized device, of the multiplex frame, the transmission proceeding preferably with adaptive control of the timing of the time slot using a TDMA method or by means of ATM cells using a TDMA method; as a result of this method, a public key is determined from a secret key prescribed in a decentralized telecommunications device, said public key being upwardly transferred to the central telecommunications device where it is used to encrypt (secondary key) information in order to match the decentralized device to repeatedly changed transmission modalities provided individually for this decentralized device in the central device.

However, the problem of unauthorized access to digital signals transmitted in a telecommunications system arises not only in passive optical networks (PON) of the type outlined above but also in other point-to-multipoint networks, and this problem can also be dealt with in such networks in accordance with the known (from DE-C1-42 04 461) method principle. For example, in particular also in a (preferably cellular) radio network with a plurality of radio subscribers and at least one base station, for securing data a public key can be determined in each case from a secret key prescribed on the part of the subscriber, said public key being upwardly transferred to the base station where it is used to encrypt (secondary key) information in order to match the radio subscriber to repeatedly changed transmission modalities provided individually for this radio subscriber in the base station.

SUMMARY OF THE INVENTION

The invention indicates a way of effectively securing telecommunications traffic against unauthorized access to the digital signals transmitted therein in a subscriber network which can be operated bidirectionally and has one or more coaxial line tree networks which are shared in each case by a plurality of subscriber-end network termination units and extend between such subscriber-end network termination units and a higher level connection unit. The invention relates to a method for securing data in a telecommunications system with a plurality of decentralized telecommunications devices and a telecommunications device which is central with respect thereto, in accordance with which a public key is determined from a secret key prescribed in a decentralized telecommunications device, said public key being upwardly transferred to the central telecommunications device where it is used to encrypt (secondary key) information in order to match the decentralized device to repeatedly changed transmission modalities provided individually for this decentralized device in the central device. This method is characterized in that,

in a subscriber network which can be operated bidirectionally and has one or more coaxial line tree networks which are shared in each case by a plurality of subscriber-end network termination units and extend between such subscriber-end network termination units and a higher level connection unit,

in which said coaxial line tree network or networks can be connected, in each case via a converter device, to an optical waveguide (OB), preferably of an optical waveguide tree network, containing optical splitters, and

can be connected via said optical waveguide or waveguides to the associated connection unit,

and in which the transmission of signals from the associated connection unit to the subscriber-end network termination units proceeds in a multiplex frame or in an ATM cell stream and the transmission of signals from the subscriber-end network termination units to the associated connection unit proceeds in each case in a time slot, assigned to the respective subscriber-end network termination unit, of the multiplex frame, this transmission proceeding preferably with adaptive control of the timing of the time slot using a TDMA method or by means of ATM cells using a TDMA method,

for securing data, the public key is determined in each case from a secret key prescribed in the subscriber-end network termination unit, said public key being upwardly transferred to the connection unit where it is used to encrypt (secondary key) information in order to match the subscriber-end network termination unit to repeatedly changed transmission modalities provided individually for this subscriber-end network termination unit in the connection unit.

The invention provides the advantage of being able to dispense with an exchange of secret keys and nevertheless ensure a high degree of security of the digital signals, transmitted from the connection unit downstream to the subscriber-end network termination devices, against unauthorized access and monitoring even if the connections have existed for a relatively long time (in particular dedicated lines) or else are asymmetric connections with different data rates in the two transmission directions. The necessary computational outlay for a public key method is in principle high, but since the encrypted communication of new transmission modalities is necessary only occasionally, namely in conjunction with a change in such modalities carried out by the connection unit at specific time intervals, the timing of the calculation of the key and of the encryption is not critical so that it can be carried out offline by software means using a relatively simple arithmetic unit.

For the actual securing of the continuous digital signal stream, in a further refinement of the invention, the assignment of the time slots to the individual subscriber-end network termination units can be repeatedly changed within the scope of the TDM downstream signal in that the higher level connection unit determines, by means of a random number generator, a random new time slot assignment for the individual subscriber-end network termination units and communicates the timing of the time slot or slots assigned to one of the network termination units, having been encrypted using a public key transferred by the respective subscriber-end network termination unit, to the respective subscriber-end network termination unit which decrypts this communication with the associated secret key, after which the change is carried out starting from one specific multiplex frame.

In order to improve further data security against an attack on the secret key, which can in principle not be excluded with an appropriately high computational outlay, in a further refinement of the invention the subscriber-end network termination unit can transfer, after a specific number of multiplex frames, a new public key, which has been calculated by said network termination unit, to the higher level connection unit, which itself, after a new time slot assignment to the subscriber-end network termination units has been determined and the respective time slot position has been encrypted again, in turn individually communicates to each subscriber-end network termination unit the reordering of the time slot assignment, which is then carried out starting from a specific multiplex frame.

According to another refinement of the invention, the initial position and/or the structure of scramblers which are provided in the higher level connection unit and are assigned to the individual subscriber-end network termination units and of descramblers, which are provided in the subscriber-end network termination units, can be repeatedly changed at the start of a frame in that the higher level connection unit determines, by means of a random number generator, in each case a random new initial position and/or structure for the scramblers assigned to the individual subscriber-end network termination units and communicates the associated initial position and/or structure of the associated descrambler, having been encrypted using a public key transferred by the respective subscriber-end network termination unit, to the respective subscriber-end network termination unit which decrypts this communication using the associated secret key, after which the change is carried out starting from a specific frame.

This modification, which can also be restricted to individual decentralized telecommunications devices with subscribers which are in particular need of security, can also be used in the transmission of ATM cells: the useful signal which is contained in the cell is scrambled in the connection unit and only the network termination unit forming the destination of the ATM cell knows how to descramble the signal since the initial position necessary at the start of the useful information part (payload) of the cell, and if appropriate also the structure of the scrambler, has been communicated in an encrypted form which only it can understand. In order to further improve data security against an attack on the secret key, in a further refinement of the invention, the subscriber-end network termination unit can, after a specific number of frames, transfer a new public key, calculated by said network termination unit, to the higher level connection unit which itself, after a new scrambler initial position and/or structure has been determined and the respectively associated descrambler initial position and/or structure has been encrypted again, in turn individually communicates to each subscriber-end network termination unit the change in the initial position and/or structure which is then carried out starting from a specific frame.

According to another refinement of the invention, the assignment of addresses to the individual subscriber-end network termination units can be repeatedly changed in that the higher level connection unit determines, by means of a random number generator, a random new address assignment for the individual subscriber-end network termination units and communicates the respective new address information, having been encrypted using a public key transferred by the respective subscriber-end network termination unit, to the respective subscriber-end network termination unit which decrypts this communication using the associated secret key, after which the change is taken into account starting from a specific multiplex frame.

In this context, the subscriber-end network termination unit can transfer, after a specific number of multiplex frames, a new public key, calculated by said network termination unit, to the higher level connection unit which itself, after a new address assignment to the subscriber-end network termination units has been determined and the respective address information has been encrypted again, in turn individually communicates to each subscriber-end network termination unit the reordering of the address assignment which is then taken into account starting from a specific multiplex frame.

There is no need whatsoever for all these method procedures--which can generally be used in point-to-multipoint networks--to proceed simultaneously for all the decentralized devices; instead, it is sufficient that, in a further refinement of the invention, the transmission modalities for various subscriber-end network termination units or groups of subscriber-end network termination units are changed at various times, which is a further impediment to an intervention.

BRIEF DESCRIPTION OF THE DRAWINGS

The features of the present invention which are believed to be novel are set forth with particularity in the appended claims. The invention, together with further objects and advantages, may best be understood by reference to the following description taken in conjunction with the accompanying drawings, in the several Figures of which like reference numerals identify like elements, and in which:

The single FIGURE provides a schematic view, to an extent which is necessary for comprehension of the invention, of a subscriber network which can be operated bidirectionally. In this context, coaxial line networks CN are shown in the right hand part of the drawing in the customary tree structure in which they are usually already laid.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

At the subscriber end (see the single FIGURE), the coaxial lines are terminated, in each case with a network termination device NT/A which would be capable of converting its reception and transmission signals in each case in such a way that the connection of customary terminals is possible; a network termination device NT/A has for example ports for cable television and video on demand, for conventional telephone services (POTS) and/or narrowband ISDN or even for any broadband ISDN service.

At the end remote from the subscriber, the coaxial line networks CN are connected in each case via an optical/coaxial converter device OCC to an optical subscriber line of an optical waveguide network OB which is branched using optical splitters V and which connects the coaxial line networks to a connection unit CU/A preferably formed with a (ATM) cross connect. A plurality of such optical waveguide networks OB can be connected to such a connection unit CU/A, as is also indicated in the drawing; in a corresponding way, as is likewise indicated in the drawing, a plurality, for example up to four, coaxial line subnetworks CN can be connected to a converter device OCC. If a coaxial line network CN permits for example 100 subscribers to be connected, the converter device OCC serves 400 subscribers and the connection unit CU/A serves for example 2000 to 4000 subscribers.

The transmission in the subscriber network can also proceed according to the synchronous transfer mode STM or on the basis of ATM cells (cell-based) with a system-specific overhead. In this context, the data rate, at for example 622 Mbit/s, will be higher in the transmission direction to the subscriber (downstream) than the data rate in the opposite transmission direction (upstream) at for example 155 Mbit/s, in which case, in terms of transmission technology, the downstream transmission can proceed in a plurality of channels (for example in four channels at 155 Mbit/s each).

In the system outlined in the drawing, analog TV cable signals are fed in from a CATV head end into the connection unit CU/A which is shared by the connected subscribers, and said signals are transmitted to all the connected subscribers. These television signals can be received in a customary way at the subscriber's premises by a television receiver which is connected to the subscriber's network termination device NT/A and is indicated in the drawing by TV.

It will be assumed that, in addition to the analog TV signals, digital signals in the ATM format are fed to the connection unit CU/A in the telecommunications system outlined in the drawing. Such signals can be for example digital video signals of a video on demand service (also including an ATM reverse channel for program selection by the TV subscriber) or else broadband interactive data signals, the digital video signals being likewise received by the television receiver TV by means of an appropriate add-on device (set top box) (not illustrated specifically in the drawing).

Furthermore, narrowband ATM voice and, if appropriate, also data signals can be transmitted in both directions in the system outlined in the drawing, which is indicated in the drawing by a telephone connected to the network termination device NT/A. Further services which can require the connection of further terminals to the respective network termination device NT/A are possible without the need to illustrate this in the drawing.

The ATM signals are fed through an ATM switching device ASN. For video on demand in this context, it is necessary to have a video server VS in which the video programs (films) to be called up are stored, to be precise usually in digital and data-compressed form, for example in accordance with the MPEG2 algorithm, produced by ISO MPEG, at for example 4 Mbit/s. It will be assumed that the server VS is controlled by a controller VODC which evaluates signaling information coming from the connected subscribers via the respective reverse channel, and controls appropriately both the outputting of programs from the video server VS and the ATM coupling device ASN.

The general use of the asynchronous transfer mode (ATM) for the digital signals of all the services (with the exception of the TV distribution service which is based on analog signal transmission) is extraordinarily advantageous owing to its high flexibility. Signals with any desired, different data rates may be mixed as desired; a selection of data rates in accordance with specific hierarchy levels is superfluous. This is very interesting in particular also for video transmission since, on the one hand, a generally agreed data rate for a video signal does not in any case exist and, on the other hand, different levels of image quality can be provided by selecting different data rates.

The access of the subscribers (NT/A) to the network is subject to a TDMA access procedure; such TDMA access procedures are known (for example from Intern. J. of Digital and Analog Communication Systems, 6 (1993), 143 . . . 149) and do not need to be explained further here, especially since this is not necessary for comprehension of the invention. The access procedure for TDMA access to the network in the upstream direction can be effective for the entire subscriber network CN, OB. As an alternative to this, separate access procedures for TDMA access in the upstream direction are also possible for the optical waveguide tree network and individual coaxial line tree networks, access to the optical waveguide tree network being effected by the appropriately equipped, respective converter device OCC.

The separation of the interactive telecommunications services from the distribution services is usually effected by means of wavelength multiplexing; as is also indicated in the drawing, the signals of the interactive services are transferred at wavelengths λ_(i) down and λ_(i) up and those of the distribution services are transferred at wavelengths λ_(j). In this context, the indices i and j indicate that the wavelength multiplexing principle can be applied not only for separating services but also, if appropriate, for increasing capacity. In this context, to each converter device there can be individually assigned one or more pairs of wavelengths.

In the exemplary embodiment outlined in the drawing the network termination units NT/A are each provided with a descrambler Descr which descrambles the digital signal which is intended for the respective network termination unit and has been scrambled in the associated connection unit CU/A. The connection unit CU/A has, for scrambling purposes, in each case a separate scrambler Scr, Scr, . . . per network termination unit NT/A. The scramblers do not have to be realized using hardware but can also be realized by means of software, as can the descramblers, or by means of a single hardware structure which can be switched over. Scramblers and descramblers are repeatedly changed; for this purpose, the necessary initial position for the descrambler Descr is communicated to the network termination unit NT/A in each case at the correct time by the connection unit CU/A, having been encrypted using a so-called public key. For this purpose, the network termination units NT/A prescribe a secret key and determine a public key for it, which can be effected in each case using a computer R provided in the network termination units NT/A. Encrypted using the public key transmitted to the connection unit CU/A, the aforesaid information about the initial position of the descrambler Descr, to a certain extent as an item of secondary key information, is sent by the connection unit CU/A; this information about the changed transmission modalities can be decrypted only with the secret key on which it is based, and thus only by that network termination unit NT/A for which the respective information is intended.

Public key methods are known per se (for example from ntz 38 (1985) 9, 636 . . . 638); they use so-called one way functions to form keys. One way functions are functions whose function value can be calculated relatively easily while the calculation of the inverse values is virtually impossible. "Easily" and "virtually impossible" refer here to the computational outlay and thus depend on the state of development of the respective generation of computers (Jansen, Pohlmann: "Kryptographie in der Telematik" [Cryptography in Telematics], ntz 38 (1985) 9, 636 . . . 638).

Thus, a known public key method is based for example on the fact that it is quite simple to calculate a large natural number by multiplying a number of prime numbers but that it is virtually impossible to decompose this large natural number back into its prime factors (Rivest, Shamir, Adleman: "A method for obtaining digital signatures and public-key cryptosystems", Communications of the ACM 21(1978)2, 120 . . . 126). In this so-called RSA method, a key text C is obtained from a plain text M by means of a mathematical transformation

    C = M^e (mod n).

The inverse transformation with which the plain text is obtained again from the key text is as follows

    M = C^d (mod n).

M is a positive integer which must lie between 0 and n-1. The following key pairs are then obtained:

(e,n) for the public key and

(d,n) for the secret key.

In the calculation of the keys, n is initially calculated as a product of two very large, freely selected prime numbers p and q (these numbers are generated by means of a random number generator and remain secret):

    n = p·q,

where p is unequal to q.

Since conversely determining the prime numbers p and q from n leads to enormous difficulties, n may be disclosed as a component of the public key.

The secret key d used is a freely selected, large integer (approximately 100-digit integer in serious applications) which has to be relatively prime in respect of (p-1)·(q-1). Once p, q and d have been determined in this way, the public key e can be generated by means of "inverse multiplication":

    e·d (mod (p-1)·(q-1)) = 1.

There are special mathematical algorithms for generating prime numbers and keys. However, owing to the complex computational processes the possible throughput rate is low (several tens of bit/s).

The initial position of the scramblers Scr which are provided in the connection unit CU/A and are assigned to the individual network termination units NT/A and of the descramblers Descr which are provided in the network termination units NT/A may be repeatedly changed in that the connection unit CU/A determines, by means of a random number generator Z, in each case a random new initial position for the scramblers Scr assigned to the individual network termination units NT/A, stores it in a table and communicates the respectively associated initial position of the associated descrambler Descr, having been encrypted using the public key, to the respective network termination unit NT/A; this communication can proceed by means of a simple protocol in a data channel in the TDM/TDMA overhead and/or in ATM cells intended for this. In the network termination unit NT/A the communication is decrypted using the associated secret key, after which the change is carried out starting from a specific frame.

The network termination unit NT/A can calculate new keys at specific time intervals and transfer the new public key calculated by it to the higher level connection unit CU/A; the connection unit CU/A can then, after determining a new scrambler initial position, encrypt the associated descrambler initial position with the new public key and communicate the change in the initial position to the respective network termination unit NT/A, which change is then in turn carried out starting from a specific frame. Not only the initial setting but also the structure of the scrambler and descrambler can be changed at regular or irregular time intervals in order to impede unauthorized monitoring.
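The RSA key generation described above (n = p·q, secret key d chosen first, public key e by inverse multiplication) together with the exchange in which the connection unit CU/A encrypts a new descrambler initial position for one network termination unit NT/A, as an added Python example that is not part of the patent; the same exchange carries a changed time slot or address. The 16-bit LFSR scrambler, the toy-sized primes, the NT1/NT2 identifiers and all class and function names are assumptions; a deployment would use primes of the size the text mentions and a padding scheme, which the patent does not specify.

```python
import secrets
from math import gcd, isqrt

def is_prime(x):
    """Trial division; adequate for the toy-sized primes used here."""
    return x >= 2 and all(x % k for k in range(2, isqrt(x) + 1))

def generate_keys(p, q, d):
    """As in the text: n = p*q (p != q), d freely chosen but relatively prime
    to (p-1)*(q-1), e from e*d (mod (p-1)*(q-1)) = 1.  Returns (e, n), (d, n)."""
    if p == q or not (is_prime(p) and is_prime(q)):
        raise ValueError("p and q must be two different primes")
    phi = (p - 1) * (q - 1)
    if gcd(d, phi) != 1:
        raise ValueError("d must be relatively prime to (p-1)*(q-1)")
    return (pow(d, -1, phi), p * q), (d, p * q)

def encrypt(m, public_key):
    """C = M^e (mod n); M must lie between 0 and n-1."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("plaintext must lie between 0 and n-1")
    return pow(m, e, n)

def decrypt(c, secret_key):
    """M = C^d (mod n)."""
    d, n = secret_key
    return pow(c, d, n)

def keystream(init, nbytes):
    """Assumed scrambler structure (the patent leaves it open): a 16-bit
    Fibonacci LFSR x^16+x^14+x^13+x^11+1 started at 'init'. The output bits
    are the state bits, so the first 16 keystream bits equal 'init' itself."""
    state, out = init & 0xFFFF, bytearray()
    for _ in range(nbytes):
        byte = 0
        for _ in range(8):
            feedback = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
            byte = (byte << 1) | (state & 1)
            state = (state >> 1) | (feedback << 15)
        out.append(byte)
    return bytes(out)

def scramble(data, init):
    """Additive scrambler (XOR with the keystream); descrambling is the same
    operation with the same initial position, so Descr mirrors Scr."""
    return bytes(a ^ k for a, k in zip(data, keystream(init, len(data))))

class NetworkTermination:
    """NT/A: prescribes the secret key, hands only (e, n) upstream and keeps
    the descrambler initial position it has been sent."""
    def __init__(self, p, q, d):
        self.init = 0
        self.new_keys(p, q, d)

    def new_keys(self, p, q, d):
        """Periodic key change; the returned new public key goes upstream."""
        self.public_key, self._secret_key = generate_keys(p, q, d)
        return self.public_key

    def receive_initial_position(self, ciphertext):
        self.init = decrypt(ciphertext, self._secret_key)

    def receive_downstream(self, scrambled):
        return scramble(scrambled, self.init)

class ConnectionUnit:
    """CU/A: one scrambler per NT/A, initial positions kept in a table."""
    def __init__(self):
        self.public_keys, self.table = {}, {}

    def register_public_key(self, nt_id, public_key):
        self.public_keys[nt_id] = public_key

    def new_initial_position(self, nt_id, init=None):
        """Random number generator Z picks a new non-zero initial position (a
        fixed one may be passed for tests); the table is updated and the
        encrypted secondary key information is returned for sending."""
        if init is None:
            init = 1 + secrets.randbelow(0xFFFF)
        self.table[nt_id] = init
        return encrypt(init, self.public_keys[nt_id])

    def send_downstream(self, nt_id, payload):
        return scramble(payload, self.table[nt_id])

def demo(init=None):
    """NT1 gets a new initial position; NT2 sees the same cells and the same
    encrypted message but holds another secret key. Returns (NT1 ok, NT2 ok)."""
    cu, payload = ConnectionUnit(), b"constructed sample ATM payload for NT1"
    nt1 = NetworkTermination(1009, 1013, 65537)
    nt2 = NetworkTermination(1019, 1021, 65537)
    cu.register_public_key("NT1", nt1.public_key)
    cu.register_public_key("NT2", nt2.public_key)
    secondary = cu.new_initial_position("NT1", init)
    nt1.receive_initial_position(secondary)
    nt2.receive_initial_position(secondary)  # wrong secret key, wrong position
    cells = cu.send_downstream("NT1", payload)
    return nt1.receive_downstream(cells) == payload, nt2.receive_downstream(cells) == payload
```

Because the LFSR output starts with its own state bits, a scrambled cell whose plaintext is guessable leaks the initial position; this is why the patent has the connection unit change positions repeatedly and why a deployment would choose a scrambler structure and key sizes beyond this toy.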

Another possible way of securing the subscriber network against unauthorized access to digital signals transmitted therein in multiplex frames consists for example in the assignment of the time slots to the individual network termination units NT/A in the downstream multiplex frame, which is decisive for a TDM transmission of signals from the higher level connection unit CU/A to the network termination units NT/A, being changed repeatedly: in this context, the connection unit CU/A determines, by means of a random number generator, a random new time slot assignment for the individual network termination units NT/A, stores it in a table and communicates the timing of the time slot or slots assigned to it, having been encrypted using the public key transferred by the respective network termination unit NT/A, to the respective network termination unit NT/A; this communication can in turn proceed by means of a simple protocol in a data channel in the TDM/TDMA overhead. In the network termination unit NT/A, the communication is decrypted using the associated secret key, after which the change is carried out starting from a specific multiplex frame.

Here too, the network termination unit NT/A can from time to time calculate new keys and transfer the new public key calculated by it to the connection unit CU/A which then, starting from the next change in the time slot assignment, communicates the respective new time slot, having been encrypted using the new public key, to the respective network termination unit NT/A. The network termination unit NT/A cannot access for a relatively long time a time slot which is not assigned to it, which makes unauthorized monitoring impossible.

Another possible way of securing the subscriber network against unauthorized access to digital signals transmitted therein in the form of ATM cells consists, for example, in the assignment of addresses to the individual subscriber-end network termination units NT/A being changed repeatedly: in this context, the higher level connection unit CU/A determines, by means of a random number generator, a random new address assignment for the individual subscriber-end network termination units NT/A, stores it in a table and communicates the respective new address information, having been encrypted using a public key transferred by the respective subscriber-end network termination unit NT/A, to the respective subscriber-end network termination unit NT/A, it being possible for this communication in turn to proceed in ATM cells intended for this purpose. In the network termination unit NT/A, the communication is decrypted using the associated secret key, after which the change is taken into account starting from a specific multiplex frame.

In turn, the subscriber-end network termination unit NT/A can transfer from time to time a new public key calculated by it to the higher level connection unit CU/A which itself, after a new address assignment to the subscriber-end network termination units NT/A has been determined and the respective address information has been encrypted again, in turn communicates individually to each subscriber-end network termination unit NT/A the reordering of the address assignment which is then taken into account starting from a specific multiplex frame.

At this point it is necessary to note in particular that the repeated change in the assignment of addresses to the individual subscribers is not tied to a subscriber network which can be operated bidirectionally and has one or more coaxial line tree networks which are shared in each case by a plurality of subscriber-end network termination units and extend between such subscriber-end network termination units and a higher level connection unit, but rather that, in quite general terms for securing data in a telecommunications system with a plurality of decentralized telecommunications devices and a telecommunications device which is central with respect thereto and in which the transmission of signals to the subscriber-end network termination units proceeds in an ATM cell stream, the assignment of addresses to the individual subscriber-end network termination units can also be changed repeatedly in that the higher level connection unit determines, by means of a random number generator, a random new address assignment for the individual subscriber-end network termination units and communicates the respective new address information, having been encrypted using a public key transferred by the respective subscriber-end network termination unit, to the respective subscriber-end network termination unit which decrypts this communication using the associated secret key, after which the change is taken into account starting from a specific multiplex frame.
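The exchange shared by the three variants above (scrambler initial position, time slot and address reassignment), as an added example that is not code from the patent: each NT/A derives its public key from its secret key and sends it upstream, the CU/A draws random new modalities, stores them in its table, encrypts each NT/A's notice with that NT/A's public key, and the NT/A decrypts it with its secret key and carries the change out starting from the named frame. Assumptions: the patent names no public-key scheme, so a toy ElGamal group (P, G) stands in for it; the class names, modality field names and frame numbering are mine.

```python
import secrets

# Toy ElGamal group. ASSUMPTION: the patent names no scheme; P and G are
# illustrative only, not a deployable group size.
P, G = 2**127 - 1, 3

def derive_public_key(secret):           # NT/A: public key computed from the secret key
    return pow(G, secret, P)
def encrypt(public_key, m):              # CU/A: ElGamal on an integer 0 <= m < P
    k = secrets.randbelow(P - 2) + 1
    return pow(G, k, P), (m * pow(public_key, k, P)) % P
def decrypt(secret, ct):                 # NT/A: c1^(P-1-secret) == c1^-secret (Fermat)
    c1, c2 = ct
    return (c2 * pow(c1, P - 1 - secret, P)) % P

class NetworkTermination:                # NT/A: holds the secret key, applies changes by frame
    def __init__(self, nt_id):
        self.nt_id, self.current, self.pending = nt_id, None, None
        self.rekey()
    def rekey(self):                     # fresh key pair; the new public key is sent upstream
        self.secret = secrets.randbelow(P - 2) + 1
        self.public_key = derive_public_key(self.secret)
    def receive(self, notice):           # notice = (apply_frame, {modality: ciphertext})
        frame, enc = notice
        self.pending = (frame, {k: decrypt(self.secret, c) for k, c in enc.items()})
    def on_frame(self, frame):           # the change takes effect starting from apply_frame
        if self.pending and frame >= self.pending[0]:
            self.current, self.pending = self.pending[1], None
        return self.current

class ConnectionUnit:                    # CU/A: per-NT public keys + table of modalities
    def __init__(self, n_slots):
        self.n_slots, self.public_keys, self.table = n_slots, {}, {}
    def reassign(self, apply_frame):     # random new slot, address and scrambler start per NT
        rng, ids = secrets.SystemRandom(), list(self.public_keys)
        slots = rng.sample(range(self.n_slots), len(ids))        # distinct time slots
        addrs = rng.sample(range(1, 2**16), len(ids))            # distinct ATM addresses
        notices = {}
        for nt_id, slot, addr in zip(ids, slots, addrs):
            self.table[nt_id] = {"slot": slot, "address": addr, "scrambler": secrets.randbits(23)}
            notices[nt_id] = (apply_frame, {k: encrypt(self.public_keys[nt_id], v)
                                            for k, v in self.table[nt_id].items()})
        return notices

def run_exchange(n_nt=3, apply_frame=10):   # key upload, one reassignment, switch at frame
    cu, nts = ConnectionUnit(n_slots=8), [NetworkTermination(i) for i in range(n_nt)]
    cu.public_keys = {nt.nt_id: nt.public_key for nt in nts}   # public keys sent upstream
    for nt_id, notice in cu.reassign(apply_frame).items():
        nts[nt_id].receive(notice)
    return cu, nts
```

Calling `rekey()` on an NT/A and re-registering its public key before the next `reassign()` reproduces the periodic key renewal the text describes; an NT/A keeps its old modalities until the frame named in the notice.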

The key devices S as such (indicated in the drawing in the connection unit CU/A and in the network termination units NT/A) can be realized in a manner known per se in the form of digital arithmetic units so that further explanations of this are not necessary at this point; the same applies also to the random number generator Z indicated in the connection unit CU/A.

What is claimed is:
1. A method for securing data in a telecommunications system with a plurality of decentralized telecommunications devices and a central telecommunications device, comprising the steps of: determining a secret key in a decentralized telecommunications device; determining a public key from the secret key prescribed in the decentralized telecommunications device, said public key being transferred to the central telecommunications device where the public key is used to encrypt information in order to match the decentralized device to repeatedly changed transmission modalities provided individually for this decentralized device in the central telecommunications device; bidirectionally operating a subscriber network which has at least one coaxial line tree network which is respectively shared by a plurality of subscriber-end network termination units and which extends between such subscriber-end network termination units and a higher level connection unit; connecting said at least one coaxial line tree network via a converter device to an optical waveguide of an optical waveguide tree network, containing optical splitters, and via said optical waveguide to the associated connection unit; transmitting signals from the associated connection unit to the subscriber-end network termination units in a multiplex frame or in an ATM cell stream, the transmission of signals from the subscriber-end network termination units to the associated connection unit proceeding respectively in a time slot, assigned to the respective subscriber-end network termination unit, of the multiplex frame, this transmission proceeding with adaptive control of the timing of the time slot using a TDMA method or by ATM cells using a TDMA method; determining, for securing data, the public key in each case from a secret key prescribed in the subscriber-end network termination unit, said public key being upwardly transferred to the connection unit where it is used to encrypt information for matching the subscriber-end network termination unit to repeatedly changed transmission modalities which are provided individually for this subscriber-end network termination unit in the connection unit.
2. The method as claimed in claim 1, wherein at least one of an initial position and structure of scramblers which are provided in the higher level connection unit and which are assigned to the individual subscriber-end network termination units and of descramblers which are provided in the subscriber-end network termination units is repeatedly changed at a start of a frame in that the higher level connection unit determines, by a random number generator, in each case at least one of a random new initial position and structure for the scramblers assigned to the individual subscriber-end network termination units and communicates at least one of an associated initial position and structure of an associated descrambler, having been encrypted using a public key transferred by the respective subscriber-end network termination unit, to the respective subscriber-end network termination unit which decrypts this communication using the associated secret key, after which change is carried out starting from a specific frame.
3. The method as claimed in claim 2, wherein the subscriber-end network termination unit transfers, after a specific number of frames, a new public key, calculated by said network termination unit, to the higher level connection unit which, after at least one of a new scrambler initial position and structure has been determined, and at least one of the respectively associated descrambler initial position and structure of each subscriber-end network termination unit has been encrypted again, in turn individually communicates the change in at least one of the initial position and structure which is then carried out starting from a specific frame.
4. The method as claimed in claim 1, wherein assignment of time slots to the individual subscriber-end network termination units in a multiplex frame is repeatedly changed in that the higher level connection unit determines, by a random number generator, a random new time slot assignment for the individual subscriber-end network termination units and communicates the timing of the time slot or slots assigned to one of the network termination units, having been encrypted using a public key transferred by the respective subscriber-end network termination unit, to the respective subscriber-end network termination unit which decrypts this communication using the associated secret key, after which change is carried out starting from a specific multiplex frame.
5. The method as claimed in claim 4, wherein the subscriber-end network termination unit transfers, after a specific number of multiplex frames, a new public key, calculated by said network termination unit, to the higher level connection unit which, after a new time slot assignment to the subscriber-end network termination units has been determined and the respective time slot position has been encrypted again, in turn individually communicates to each subscriber-end network termination unit a reordering of the time slot assignment which is then carried out starting from a specific multiplex frame.
6. The method as claimed in claim 1, wherein assignment of addresses to individual subscriber-end network termination units is repeatedly changed in that the higher level connection unit determines, by a random number generator, a random new address assignment for the individual subscriber-end network termination units and communicates the respective new address information, having been encrypted using a public key transferred by the respective subscriber-end network termination unit, to the respective subscriber-end network termination unit which decrypts this communication using the associated secret key, after which change is taken into account starting from a specific multiplex frame.
7. The method as claimed in claim 6, wherein the subscriber-end network termination unit transfers, after a specific number of multiplex frames, a new public key, calculated by said network termination unit, to the higher level connection unit which, after a new address assignment to the subscriber-end network termination units has been determined and the respective address information has been encrypted again, in turn individually communicates to each subscriber-end network termination unit the new address assignment which is then taken into account starting from a specific multiplex frame.
8. The method as claimed in claim 1, wherein the transmission modalities for one of various subscriber-end network termination units and groups of subscriber-end network termination units are changed at various times.